|The best way will be to create VPN tunnels. The tricky part is deciding how to setup the tunnels. |
While preferable, a "full mesh" is also costly. You're most cost effective would be a "star" type topolgy. The third possibilty is a "hybrid" topology.
You have 3 sites, A, B, and C.
A "full mesh" would be as follows:
A has connections to both B and C
B has connections to both A and C
C has connections to both A and B
This way if any one link drops, say B to C, C can still communicate with B via A
But this would require 3 VPN endpoints per location for a total of 9.
The "star" method would be A has a connection to B and another to C. This only requires 4 VPN endpoints total.
If you have the cash, you do a "hybrid" topology where A has one connection each to B and C and B and C also have a direct connection between them. This method would require 6 VPN endpoints total.
The above is based on the assumption of a single VPN endpoint device per VPN. I'm pretty sure you can get devices that will carry more than one tunnel. If you can, and you can find reasonably priced devices that can carry up to 3 tunnels, you could do a full mesh with one device in each location.
The reason I went with one device per VPN was redundancy. If you use a single device in each location and creat 3 tunnels in each and the device in B dies, B is isolated and unable to communicate with A or C. If you use the single device per tunnel method, you never lose communcation as there is never a "single point of failuer" in your mesh.
It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.